CAS-005 · Question #502
CAS-005 Question #502: Real Exam Question with Answer & Explanation
Sign in or unlock CAS-005 to reveal the answer and full explanation for question #502. The question stem and answer options stay visible for context.
Question
During a recent security event, access from the non-production environment to the production environment enabled unauthorized users to install unapproved software and make unplanned configuration changes. During an investigation, the following findings are identified: - Several new users were added in bulk by the IAM team. - Additional firewall and routers were recently added to the network - Vulnerability assessments have been disabled for all devices for more than 30 days. - The application allow list has not been modified in more than two weeks. - Logs were unavailable for various types of traffic - Endpoints have not been patched in more than ten days. Which of the following actions would most likely need to be taken to ensure proper monitoring is in place within the organization? (Choose two.)
Options
- ADisable bulk user creations by the IAM team.
- BExtend log retention for all security and network devices for 180 days for all traffic.
- CReview the application allow list on a daily basis to make sure it is properly configured.
- DRoutinely update all endpoints and network devices as soon as new patches/hot fixes are
- EEnsure all network and security devices are sending relevant data to the SIEM
- FConfigure rules on all firewalls to only allow traffic from the production environment to the non-
Unlock CAS-005 to see the answer
You've previewed enough free CAS-005 questions. Unlock CAS-005 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.